Protect My Privacy

iOS App Privacy Protection

Protect My Privacy (PMP) lets you protect the personal information on your iPhone. It provides a layer of security between apps and the operating system, thereby giving the control back to the user. When an app attempts to access any protected information, an alert is shown and you have the option to "Protect" or "Allow". The software is unique in that rather than merely blocking access to the information, which could cause the app to have unexpected behaviour or even crash, PMP instead supplies fake replacement information, such as randomized contact names, or a location specified by you. You can quickly switch between real and fake information, even while the app is running. PMP also provides automatic protection using crowd-sourced recommendations, this uses information from previous manual decisions made by other users for the same app.

In recent years, the phenomenal growth of smartphones and apps running on them has raised significant privacy challenges. In part these challenges are due to the millions of apps created for these platforms, by thousands of developers, not all of whom can be trusted. While OS manufacturers do have review processes in place, often they fail to capture privacy leaks such as have come to light recently. For example, the Path app accessed and transmitted its users' address book, including names, email addresses and phone numbers, without permission. The use of this information could range from profiting from internet marketing scams, to detailed user tracking and other misuses. We believe that many such privacy invasions exist, and PMP provides the mechanisms to not only detect but also protect the user's privacy from rogue developers by degrading their ability to profit from this information. PMP relies on individuals to make the choices of what information should be protected or allowed. This information drives our crowd-sourced recommendation feature that provides an automated way of making these decisions. In order to do this the only information we receive are the decisions you make about protecting or allowing to enable this crowd-sourced feature. Right now we can protect your location, identity and contacts (Address Book) and music. Future versions will protect even more kinds of information.

PMP has been developed at the University of California San Diego, and is freely available for use by anyone. The research project is a collaboration between Dr. Yuvraj Agarwal and Dr. Malcolm Hall. Yuvraj is a Research Faculty in the Computer Science and Engineering Department at UCSD and Malcolm is a Visiting Researcher in the same department. In case you are wondering what information we specifically collect, please see the Help. Note that providing your data is voluntary and you can decide whether or not you want to contribute your data inside the app. As academic researchers, we are interested in which apps access private information, studying the privacy decisions of users and the effectiveness of our recommendation engine. We reserve the right to publish the results of this study in academic research conferences. Please note, we take your privacy very seriously and therefor all data is anonymous, is transmitted securely over SSL and stored secrurely.

PMP currently requires a jailbroken iPhone, all current devices are jail breakable on iOS 7 using evasi0n. Once jailbroken you will find PMP in the included Cydia store from the BigBoss repository. It works on iPhone, iPad and iPod Touch running iOS 5.1.1 and higher.

Screenshots

When PMP detects that an app tries to access private information, it displays an alert to allow you to choose automatic protection settings based on crowd-sourced recommendations.

Bringing down the Notification Center displays quick access to changing the protection settings. The star in top left is yellow and the button labels are yellow which shows recommended protection settings are being used. If the star or a button is tapped it switches back to manual mode. Coming soon to iOS 7.

NOTE: To enable this feature, from your home screen go to the Settings app, Notifications, scroll to the very bottom and you will see Protect My Privacy in the "Not in Notification Center" section. Tap it and turn it on. Then after you tap the back button, tap edit and drag it to the very top so it appears first like in the above screenshot.

The PMP app displays the protection configured so far. New apps appear in this list as information accesses are detected. The subtitle in each row shows what the user chose to protect, which may or may not be accessed by the app.

Protection can be configured per app and you can see what types of information have been accessed (in black text). By resetting the settings, alerts will be shown in the app again when each type of information is accessed.

Within the PMP app its possible to view and configure the replacement information given to apps when PMP is in protecting. Currently we let the user configure their location or generate a new identifier.

You can configure your fake location to be anywhere in the world, chosen using the familiar map interface.

An example of how protecting your contacts affects the Facebook app. As you can see the names, phone numbers and emails are all jumbled up.

This alert appears in any app that accesses one of the protected pieces of information. In the above image, PMP has detected that Flixster is trying to access contacts yet the box office feature being looked at has no obvious use for them. You have the option to fake, deny or allow. On iOS 6 the deny option turns on the built in OS contacts protection.

You can prevent apps monitoring your significant location moves, saving battery life too. However in this case the app has explained it is to help find nearby deals.

Developers: Feel your app Might be flagged incorrectly?PMP simply notifies users when certain types of privacy sensitive information is accessed by a particular application. The users are then free to choose which access to allow or protect. In case you are an app developer and you feel that your application maybe accessing this information unknown to you, please use PMP to determine if that is indeed the case. If you believe that your app is flagged incorrectly, then please check any 3rd party libraries first that you might have linked against. In case you need us to audit your app please contact us.

Disclaimer: We are a non-profit research group and the app is currently being tested. We do not take responsibility for any possible errors. This is a research project and we reserve the right to publish our findings at academic conferences. For more information see the Help.